(54) An electronic data protection system.

(57) The system includes: a storage medium (1) for storing
encrypted electronic data, a medium number and encrypted
permission information; a vendor computer having a personal
key generating unit (21) for generating a medium key based on
the medium number (12), an electronic data decrypting key (22),
and an encrypting unit (23) for encrypting the electronic data
decrypting key based on the medium key to generate the
encrypted permission information; and a user computer having a
personal key generating unit (31) for generating a medium key
based on the medium number, a decrypting unit (32) for
decrypting the encrypted permission information based on the
medium key to generate the electronic data decrypting key which
is the same as the electronic data decrypting key of the vendor
computer, and a decrypting unit (34) for decrypting the
encrypted electronic data (14) based on the electronic data
decrypting key (33) to generate plain text electronic data.
BACKGROUND OF THE INVENTION
1. Field of the Invention

The present invention relates to an electronic data protection
system, and more particularly, it relates to an electronic data
protection system for protecting electronic data, for example,
software used for a computer and data published electronically,
from being illegally copied by a third party.

2. Description of the Related Art 

Recently, various computers, electronic publishing and the
like, which utilize electronic data, are widely used in various
fields. In general, software and electronically published data
are protected by copyright in

However, it is relatively easy for a third party to illegally
copy electronic data. As a result of illegal copying, a vendor
of electronic data suffers significant damage in that he cannot
derive legitimate benefit. As a result, the cost of electronic
data, i.e., the software and electronically published data,
rises so that users also suffer due to increased costs.
Accordingly, it is necessary to provide a protection system for
electronic data, such as software and electronically published
data, in addition to protection by means of copyright.

SUMMARY OF THE INVENTION 

The object of the present invention is to provide an electronic
data protection system enabling certain protection of
electronic data, such as software used for a computer and
electronically published data, from illegal copying by a third
party.

In accordance with the present invention, there is provided an
electronic data protection system for protecting electronic
data from illegal copying by a third party, the system
including:

a storage medium for storing encrypted electronic data, a
medium number and encrypted permission information; a vendor
computer having a personal key generating unit for generating a
medium key based on the medium number, an electronic data
decrypting key and an encrypting unit for encrypting the
electronic data decrypting key based on the medium key to
generate the encrypted permission information; and a user
computer having a personal key generating unit for generating a
medium key based on the medium number, a decrypting unit for
decrypting the encrypted permission information based on the
medium key to generate an electronic data decrypting key which
is the same as the electronic data decrypting key of the vendor
computer, and a decrypting unit for decrypting the encrypted
electronic data based on the electronic data decrypting key to
generate plain text (unencrypted) electronic data.

In a preferred embodiment, the electronic data is 
software used in a computer. 

In another preferred embodiment, the electronic data is
electronically published data.

In still another preferred embodiment, the storage medium
stores a plurality of encrypted electronic data, and each
encrypted electronic data has a different electronic data
decrypting key; the vendor computer encrypts only an electronic
decrypting key for the encrypted electronic data permitted by a
vendor by using the medium key, and stores the encrypted
electronic decrypting key on the storage medium as the
encrypted permission information; and the user computer
decrypts the encrypted electronic data corresponding to the
encrypted permission information.

In still another preferred embodiment, the user computer writes
the medium number on the storage medium in an un-rewritable
form.

In still another preferred embodiment, the vendor computer
stores the encrypted permission information on a different
storage medium, and the different storage medium is supplied
for use with the user computer.

In still another preferred embodiment, the vendor computer
transfers the encrypted permission information to the user
computer through a transmission line, and the user computer
decrypts the encrypted electronic data from the storage medium
based on the encrypted permission information.

In still another preferred embodiment, the vendor computer
provides the encrypted permission information to the user in a
document, and the user computer decrypts the encrypted
electronic data from the storage medium based on the encrypted
permission information described in the document.

In still another preferred embodiment, the storage medium is an
optical magnetic disk, or a partially embossed optical disk.

In still another preferred embodiment, the vendor computer
further comprises a software encrypting key management table
including software names and encrypting keys corresponding to
respective software.

In still another preferred embodiment, the user computer
further comprises a software decrypting key management table
including software names and decrypting keys corresponding to
respective software.

BRIEF EXPLANATION OF THE DRAWINGS
In the drawings:

Fig. 1 is a schematic block diagram of a conventional
electronic data protection system;
Fig. 2 is a principal view of the present invention;
Fig. 3 shows one embodiment of the present invention;
Fig. 4 is a flowchart of a storage process of software
according to the present invention;
Figs. 5A and 5B are explanatory views for one example of the
encrypting process;
Fig. 6 shows a software encrypting key management table
according to an embodiment of the present invention;
Figs. 7A and 7B are flowcharts for generating permission
information;
Fig. 8 is an explanatory view of generation of the permission
information;
Figs. 9A and 9B are flowcharts for a decrypting process of
software;
Figs. 10A, 10B, and 10C are explanatory views of a program as
electronic data;
Figs. 11A, 11B, and 11C are explanatory views of data as
electronic data;
Fig. 12 is an explanatory view of a ROM/RAM mixed type optical
magnetic disk;
Fig. 13 is an explanatory view for permission information
stored in another storage medium; and
Fig. 14 is an explanatory view of multiple software written on
one storage medium.

DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

Before describing the preferred embodiments, a conventional art
and its problems will be explained below.

Figure 1 is a schematic block diagram of a conventional
electronic data protection system, particularly, a software
protection system. The feature of the conventional software
protection system lies in generation of permission information
72 by using a user's personal number 91 as explained in detail
below.

As shown in the drawing, a software storage medium 71, for
example, an optical magnetic disk, a CD-ROM, a floppy disk and
the like, is provided by a vendor to a user. That is, the
vendor provides the software storage medium 71 storing the
software to the user. The software storage medium 71 includes
the permission information 72 and encrypted software 73. The
vendor computer includes a personal key generating unit 81, a
software decrypting key 82 and an encrypting circuit 83.
Further, the user computer includes the user's personal number
91, a personal key generating unit 92, a decrypting circuit 93,
a software decrypting key 94, and a decrypting circuit 95.

The software is stored in the software storage medium 71 after
encryption. A user's personal key is generated by using the
user's personal number 91, and the software decrypting key 82
is decrypted by the user's personal key so that the encrypting
circuit 83 encrypts the software decrypting key 82 to generate
the permission information. The permission information is
stored on the software storage medium 71.

The user buys the software storage medium 71 
including the permission information 72 and the en- 
crypted software 73, and the user computer decrypts 
the encrypted software 73 so that it is possible to 
execute the unencrypted program. 

In the vendor computer, the personal key gener- 
ating unit 81 generates the personal key based on the 
user's personal number 91, for example, an appara- 
tus number of a computer. The software decrypting 
key 82 decrypts the encrypted software 73. The en- 
crypting circuit 83 generates the permission informa- 
tion 72 for storage on the software storage medium 
71. 

In the user computer, the personal key generat- 
ing unit 92 receives the user's personal number 91 
and generates the user's personal key. The decrypt- 
ing circuit 93 decrypts the permission information 72 
from the software storage medium 71 based on the 
personal key 81. The software decrypting key 94 is 
input to the decrypting circuit 95, the decrypting cir- 
cuit 95 decrypts the encrypted software 73 to gener- 
ate the plain text software. As a result, the plain text 
software is loaded into a main storage of the user 
computer. 

As explained above, the conventional software protection system
utilizes a user's personal number (or, an apparatus number of a
computer) and a personal key.

In use of the personal number for the computer, 
the execution for the computer is applied by the per- 
mission information 72 so that only that computer can 
execute the plain text software. Accordingly, the user 
cannot utilize a different computer even if he is autho- 
rized. Further, it is impossible to transfer such plain 
text software to a third party. 

In use of the personal number for portable hard- 
ware, it is necessary to provide an interface between 
the hardware and the computer so that the total cost 
for protection rises. 

As a feature of the present invention, a storage 
medium for storing electronic data includes a medium 
number. A vendor authorizes use of the medium num- 
ber. According to the present invention, it is possible 
to access only electronic data stored on the medium 
authorized by the vendor. 

Figure 2 is a principal view of the present inven- 
tion. In Fig. 2, the storage medium 1 includes a me- 
dium number 12, permission information 13, and en- 
crypted electronic data 14. In the present invention, 
the electronic data includes computer software and 
electronically published data, as explained below. 
The vendor computer includes a medium personal 
key generating unit 21, an electronic data decrypting 
key 22, and a decrypting unit 23. The user computer 
includes a medium personal key generating unit 31, 
a decrypting unit 32, an electronic data decrypting 
key 33, and a decrypting unit 34. 
The personal key generating units 21 and 31 generate a medium
key based on the medium number 12. The encrypting unit 23
encrypts the electronic data decrypting key 22 based on the
medium key.

The decrypting unit 32 decrypts the permission information 13
based on the medium key, and generates the electronic data
decrypting key 33. Further, the decrypting unit 34 decrypts the
encrypted electronic data 14 based on the electronic data
decrypting key 33, and generates the plain text electronic
data.

In the present invention, briefly, only the medium 
number 12 and the encrypted electronic data 14 are 
previously stored in the storage medium 1. 

In the vendor computer, the personal key generating unit 21
generates the medium key based on the medium number, the
encrypting unit 23 encrypts the electronic data decrypting key
22 based on the medium key, and the encrypting unit 23 writes
the encrypted data onto the storage medium 1 as the permission
information 13.

In the user computer, the personal key generating unit 31
generates the medium key based on the medium number 12 of the
storage medium 1, the decrypting unit 32 decrypts the
permission information 13 based on the personal key, and
generates an original electronic data decrypting key 33, and
decrypting unit 34 decrypts the encrypted electronic data 14
based on the original electronic data decrypting key 33, and
provides the plain text electronic data.

Further, a different electronic data decrypting key 22 is
provided for every encrypted electronic data 14. Only the
electronic data decrypting key 22 of the encrypted electronic
data 14, in which the use is permitted in the vendor computer,
is encrypted by the medium key, and stored on the storage
medium 1 as the permission information 13. Further, only the
encrypted electronic data corresponding to this permission
information 13 stored on the storage medium 1 is decrypted in
the user computer to provide the plain text electronic data.

Still further, only the medium number 12 may be written onto
the storage medium 1 in the un-rewritable form by the user
computer. Still further, only the permission information 13 may
be stored on another medium, for example, a floppy disk, by the
vendor computer, and be provided for use in the user computer.
Still further, the vendor may transfer the permission
information 13 to the user computer through a transmission
line, so the user computer can decrypt the encrypted electronic
data 14 based on the permission information 13 to provide the
plain text electronic data.

In this case, as the encrypted electronic data 14, there are
software for operating various computers or various types of
data (character data, image data, sound data), and these are
encrypted to protect content thereof. Accordingly, since the
medium 1 storing the encrypted electronic data 14 includes the
medium number in the un-rewritable form, the vendor computer
allows use of the electronic data having the medium number.
Accordingly, it is possible to use only the encrypted
electronic data 14 stored on the correct medium 1 and
authorized by the vendor. As a result, it is possible to
transfer the stored electronic data to another user so that it
is possible to use this medium 1 in another computer.

Figures 3 to 14 are explanatory views for embodiments of the
present invention. As one example of electronic data shown in
Fig. 2, an explanation is given next for software used for a
computer.

Figure 3 shows one embodiment of the present 
invention. In Fig. 3, the software storage medium 11, 
for example, an optical magnetic disk (particularly, a 
disk having a capacity in the range of several hundred 
M-byte to several G-byte), is a medium for storing 
software authorized by a vendor for use by a user. 
The software storage medium 11 stores the medium 
number 12 in an un-rewritable form, the permission 
information 13 granting permission for use of the 
software to the user, and the encrypted software 15. 

The medium number 12 is a particular number for the medium 11,
and this medium number cannot be rewritten (i.e., is
un-rewritable) by the user. That is, this medium number 12 is
written into an area which the user cannot rewrite. This area
can be managed in various forms. For example, this area may be
managed by an Operating System (OS). Further, it may be
possible to arrange that this area cannot be rewritten by means
of the Operating System.

The permission information 13 is provided from the vendor to
the user to permit use of the software. In this case, this
permission information 13 incorporates encrypted data for
decrypting the encrypted software 15 (see Figs. 7 and 8). The
encrypted software 15 is shown in Figs. 4 to 6.

The vendor computer includes the personal key generating unit
21, the software decrypting key 24 and the encrypting unit 23.
The personal key generating unit 21 generates the medium key
based on the medium number 12 read from the software storage
medium 11 (see Fig. 7). The encrypting unit 23 encrypts the
software decrypting key 24 based on the medium key generated by
the personal key generating unit 21. The data encrypted by the
encrypting unit 23 is stored in the software storage medium 11
as the permission information 13.

The user computer includes the personal key generating unit 31,
the decrypting unit 32, the software decrypting key 35, and the
decrypting unit 34. The personal key generating unit 31
generates the medium key based on the medium number 12 read
from the software storage medium 11 (see Fig. 7). The
decrypting unit 32 decrypts the permission information 13 read
from the software storage medium 11 based on the medium key
generated by the personal key generating unit 31, and generates
the software decrypting key 35 (see Fig. 9). The decrypting
unit 34 decrypts the encrypted software 15 read from the
software storage medium 11 based on the software decrypting key
35, and generates the plain text software (see Fig. 9). The
user computer then executes the plain text software.

Figure 4 is a flowchart of a storage process of the software
according to the present invention. This flowchart shows the
storage process of the encrypted software 15 and the encrypted
permission information 13. In step S1, the vendor generates the
software, for example, a job program, etc., and stores the
generated software onto the software storage medium. In step
S2, the vendor generates the software encrypting key. In step
S3, the software encrypting key is stored in an encrypting key
management table (see Fig. 6) corresponding to each software.
That is, the encrypting key generated by step S2 is stored in
the encrypting key management table in correspondence with the
name of the software generated by step S1.

In step S4, the software encrypting key corresponding to the
software designated by the vendor is taken from the encrypting
key management table. In step S5, the vendor encrypts the plain
text software by using the software encrypting key taken from
the encrypting key management table to generate the encrypted
software. As shown in Fig. 5, a main body of the software is
encrypted by the encrypting key so as to generate the encrypted
software body by using, for example, a data encryption standard
(DES) which is widely used in the United States. As shown in
Fig. 5B, in the DES, the main body of the software having
64-bit train is encrypted to the same 64-bit train, but having
a different bit order.

In step S6, the encrypted software is stored in the storage
medium of the vendor (or, a manufacturer of the medium) so that
it is possible to hold the once encrypted software.
Accordingly, in a subsequent use of the software, the
encrypting process can be omitted by the vendor since the
software held on the medium is used again. In step S7, the
encrypted software is stored on the software storage medium 11.
In step S8, the vendor determines whether or not the encrypting
process for the software is completed and the encrypted
software is stored on the storage medium. When the result is
"YES", the encrypting process is completed by the vendor.

When the result is "NO", the encrypting process returns to the
step S7 and sequentially stores the encrypted software having
the name of the software designated. As explained above, the
encrypted software is stored on the software storage medium 11.

Figures 5A and 5B are explanatory views of one example of the
encrypting process. A header portion H includes a software name
as an identifier, and a main body of the software S includes
the plain text software. The header portion H is not encrypted,
and the main body of the software S is encrypted by the
encrypting key K. The encryption is performed, for example,
using the DES (Data Encryption Standard) as shown in Fig. 5B.
The DES is already known in the United States.

As shown in Fig. 5B, according to the encrypting process of the
DES, the 64-bit bit train of the plain text software is
converted to the same 64-bit train as above, but having a
different bit order. The decrypting unit decrypts the encrypted
64-bit train to the plain text software by using the DES.

Figure 6 shows a software encrypting key management table
according to an embodiment of the present invention. As shown
in the drawing, the software encrypting key management table 4
is formed by the name of the software and the encrypting key
corresponding to the name of the software. An escape character
"ENC" is attached to each software name to indicate that the
corresponding software is already encrypted. Further, the
encrypted key is formed by a 64-bit bit train as explained
above.

(1) Regarding the plain text software to be stored 
onto the storage medium, the software encrypt- 
ing key is taken from the software encrypting key 
management table. 

(2) The encrypting circuit 41 encrypts the plain 
text software based on the software encrypting 
key obtained by the above (1). 

(3) The encrypted software is stored on the soft- 
ware storage medium 11 as the encrypted soft- 
ware 15. 

The above steps are repeated for all plain text software
designated by the vendor. As explained above, since once
encrypted software is held by the vendor, this encrypted
software is stored again on the software storage medium when
another user requests this plain text software. The medium
number 12 is provided for only the corresponding storage
medium, and is written onto the medium 11 in an un-rewritable
form (i.e., the personal number cannot be rewritten).

Further, the encrypting key stored in the soft- 
ware encrypting key management table 4 coincides 
with the decrypting key when using an object key 
number as an encrypting algorithm. As explained 
above, the software encrypting key corresponding to 
the plain text software is taken from the software en- 
crypting key management table, the plain text soft- 
ware is encrypted by the software encrypting key to 
generate the encrypted software, and the encrypted 
software is stored in the software storage medium 
11. 

Figures 7A and 7B are flowcharts for generating 
permission information, and Figure 8 is an explana- 
tory view of generation of the permission information. 
The flowchart explains that the permission informa- 
tion 13 is generated for the software to be authorized 
and stored on the software storage medium. 
The name of the software to be authorized is input to the
software decrypting key management table 5, and the decrypting
key is loaded from the software decrypting key management table
5. As shown in Fig. 8, the decrypting key corresponding to the
name of the software to be authorized is sent from the software
decrypting key management table 5 to the encrypting circuit
231.

In step S13, the medium number 12 is loaded from the software
storage medium 11. In step S14, the medium key is generated in
the personal key generating circuit 211. That is, as shown in
Fig. 7B, the medium number (plain text, i.e., unencrypted) is
encrypted by a secret key (or, a secret algorithm) so that the
medium key (encrypted) is generated. In general, in use of the
DES, a secret key is used, and in use of a secret algorithm,
the secret key is not used.

In step S15, the software decrypting key (plain text, i.e.,
unencrypted) is encrypted by the medium key so that the
permission information (encrypted) is generated. The DES is
used for the above encryption. The permission information is
then stored on the software storage medium 11.

As explained above, briefly, the encrypted software is stored
on the software storage medium 11, the medium key 12 is read
therefrom, the software decrypting key is encrypted by the
medium key to generate the encrypted permission information 13,
and the encrypted permission information 13 is stored on the
software storage medium 11. Accordingly, the encrypted software
15 and the encrypted permission information 13 are stored on
the software storage medium 11.

The software decrypting key management table 5 is provided for
managing the software decrypting key which is used when the
encrypted software is decrypted to obtain the plain text
software. The software decrypting key is managed in
correspondence with the software name. The software decrypting
key management table 5 stores the decrypting key having the
same structure as the software encrypting key management table
4.

(1) When the vendor sells the permission information, the
medium number 12 is read from the software storage medium 11.
The personal key generating circuit 211 receives this medium
number and generates the medium key (see step S14).

(2) Next, the software decrypting key corresponding to the
software to be sold is taken from the software decrypting key
management table 5, and the software decrypting key is
encrypted by the medium key in the encrypting circuit 231 so
that the encrypting circuit 231 generates the permission
information 13. The permission information 13 includes the
software name having the escape character ENC and the encrypted
permission information, and this permission information 13 is
stored on the software storage medium 11. In this case, the
software decrypting key and the algorithm (or, the secret key)
are protected by a known safety means (not shown).

As explained above, the vendor generates the medium key based
on the medium number 12 read from the software storage medium
11, encrypts the software decrypting key based on the medium
key, and stores this software decrypting key into the software
storage medium 11 as the permission information.
Figures 9A and 9B are flowcharts of a decrypting process of the
software. The user buys the software storage medium 11 and
mounts it in the user computer. The user computer loads the
software of the storage medium 11 into a main memory to execute
the program.

In step S21, the user computer receives an instruction to
execute the software. In step S22, the medium number 12 is
taken from the software storage medium 11. In step S23, the
medium key (unencrypted) is encrypted by the secret key (or,
the algorithm) to generate the encrypted medium key. In step
S24, the encrypted permission information is decrypted by the
medium key so that the software decrypting key is generated.

In step S25, the encrypted software 15 is read from the
software storage medium 11. In step S26, the encrypted software
is decrypted by the software decrypting key so that the plain
text software is generated.

As explained above, briefly, the medium key is

Figures 10A, 10B, and 10C are explanatory views of a program as
electronic data. Figure 10A shows an entire structure, Figure
10B is a flowchart, and Figure 10C is an explanatory view of
execution of the software. In Fig. 10A, an optical magnetic
disk 6 corresponds to the software storage medium 11 of Figs. 2
and 3, and stores the medium number 12, the permission
information 13 and the encrypted program 16. The user buys the
optical magnetic disk 6 and mounts this disk in an optical
magnetic apparatus. As other examples, an optical disk, a
CD-ROM, a floppy disk, a hard disk, a magnetic tape, a cassette
tape and the like are known as storage media.

A program loader 61 has a function of a key generating process
(personal key generating process 31) and a decrypting process
(decrypting process 32 and 34), and stores the corresponding
decrypted program from the optical magnetic disk 6 into a main
storage 63 in an execution stage of the program instruction so
that the execution state of the program is established. The
main storage 63 is formed by a RAM to expand the plain text
program which is taken from the optical magnetic disk 6.

In Fig. 10B, in step S31, the program loader 61 receives the
execution instruction for the program. In step S32, the program
loader 61 loads a program to be executed and decrypts it. In
step S33, the plain text program is expanded in the main memory
to obtain an executable plain text program. In step S34, the
plain text program in the main memory is executed.

In Fig. 10C, a relationship between the software storage medium
and the user computer is explained in detail.

(1) The user computer takes the medium number 12 from the
software storage medium 11, and sends it to the personal key
generating circuit 311 to generate the encrypted medium key
(see step S23 of Fig. 9).

(2) The decrypting circuit 321 receives the permission
information 13 from the software storage medium 13, and
encrypts it based on the medium key from the generating circuit
311. As a result, the software decrypting key 351
(corresponding to the software decrypting key 35) is obtained
by the decrypting circuit 321.

(3) The decrypting circuit 341 receives the encrypted software
15 from the software storage medium 11, and decrypts it based
on the software decrypting key 351 to generate the plain text
program, then the plain text program is stored in the main
storage 63.

As explained above, it is impossible to decrypt the encrypted
software 15 in which the permission information 13 is not
stored so that it is impossible to execute such a program.
Further, if the software storage medium 11 is illegally copied
by a third party, since the medium number 12 is not provided or
is different, it is impossible to decrypt the correct software
decrypting key 351 from the permission information 13. As a
result, it is impossible to decrypt the encrypted program so
that it is impossible to execute the program. As explained
above, in the user computer, an algorithm and a secret key in
the personal key generating circuit 311, a software decoding
key, and the plain text software are protected by a known
safety means.
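
The following Python sketch is an added example, not code from the patent: it walks the key hierarchy of Figs. 2 and 3 (medium number 12, medium key, permission information 13, encrypted software 15), including the per-title keys described earlier, and shows that a copy placed on a medium with a different medium number cannot recover the software decrypting key. It assumes an HMAC-SHA256 construction in place of the DES named in the text, and uses a constructed secret, constructed medium numbers and constructed sample data.

```python
"""Medium-bound key hierarchy: medium number -> medium key -> wrapped key.

Added illustration. The cipher is a stand-in (HMAC-SHA256 keystream plus an
integrity tag), chosen so the sketch runs on the standard library and
reports a wrong key instead of silently producing garbage.
"""
import hashlib
import hmac
import os

# Assumption: stands in for the secret key (or secret algorithm) held by
# both personal key generating units, 21 (vendor) and 31 (user).
VENDOR_SECRET = b"constructed-demo-secret"


def medium_key(medium_number, secret=VENDOR_SECRET):
    """Units 21/31: derive the medium key from the medium number."""
    return hmac.new(secret, b"medium-key|" + medium_number,
                    hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; demo cipher only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key):
    """Separate encryption and MAC keys derived from one input key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Check the tag, then decrypt; ValueError means wrong key or tampering."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def vendor_master(titles):
    """Steps S1-S7: one key per title (the Fig. 6 table), titles encrypted."""
    key_table = {name: os.urandom(32) for name in titles}
    encrypted = {name: seal(key_table[name], body)
                 for name, body in titles.items()}
    return key_table, encrypted


def vendor_issue_permission(medium, key_table, title):
    """Wrap the title key under this medium's key (permission info 13)."""
    wrapped = seal(medium_key(medium["medium_number"]), key_table[title])
    medium["permission"][title] = wrapped


def user_load(medium, title):
    """Units 31, 32, 34: derive medium key, unwrap title key, decrypt."""
    wrapped = medium["permission"].get(title)
    if wrapped is None:
        raise PermissionError("no permission information for this title")
    title_key = unseal(medium_key(medium["medium_number"]), wrapped)
    return unseal(title_key, medium["encrypted"][title])


def demo():
    """Licensed title loads; unlicensed title and copied medium are refused."""
    titles = {"editor": b"EDITOR BINARY (constructed)",
              "compiler": b"COMPILER BINARY (constructed)"}
    key_table, encrypted = vendor_master(titles)
    original = {"medium_number": b"MN-0001", "permission": {},
                "encrypted": dict(encrypted)}
    vendor_issue_permission(original, key_table, "editor")
    # Bit-for-bit copy of the rewritable areas onto another medium whose
    # un-rewritable medium number differs.
    copy = {"medium_number": b"MN-0002",
            "permission": dict(original["permission"]),
            "encrypted": dict(original["encrypted"])}
    result = {"licensed_title": user_load(original, "editor")}
    try:
        user_load(original, "compiler")
        result["unlicensed_title"] = "loaded"
    except PermissionError:
        result["unlicensed_title"] = "refused"
    try:
        user_load(copy, "editor")
        result["copied_medium"] = "loaded"
    except ValueError:
        result["copied_medium"] = "refused"
    return result


if __name__ == "__main__":
    print(demo())
```

Because `user_load` takes no machine identifier, the original medium loads on any computer holding the shared secret, which is the transferability the text claims over the conventional personal-number scheme.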

Figures 11A, 11B, and 11C are explanatory views for electronic
data, for example, character data (text), symbols, image data,
and sound data. Figure 11A shows an entire structure, Figure
11B shows a flowchart, and Figure 11C is an explanatory view
showing execution of the software.

In Fig. 11A, an optical magnetic disk 6 corresponds to the
software storage medium 11 of Figs. 2 and 3, and stores the
medium number 12, the permission information 13 and the
encrypted data 17. The user buys the optical magnetic disk 6
and mounts this disk in an optical magnetic apparatus. As other
examples, an optical disk, a CD-ROM, a floppy disk, a hard
disk, a magnetic tape, a cassette tape, and the like are known
as storage media.

A read/write (R/W) module 64 has a function of a 
key generating process (personal key generating 
process 31) and a decrypting process (decrypting 
process 32 and 34), and stores the corresponding de- 
crypted data from the optical magnetic disk 6 into a 
main storage 63 in an execution stage of the read in- 
struction. The main storage 63 is formed by a RAM 
to expand the unencrypted data which is taken from 
the optical magnetic disk 6. 

In Fig. 11B, in step S41, the R/W module 64 executes
an application program. In step S42, the R/W
module 64 reads the data from the optical magnetic
disk. In step S43, the R/W module takes the data and
encrypts it. In step S44, the unencrypted data is stored
in the main memory 63. In step S45, the data is
displayed and reproduced.

In Fig. 11C, a relationship between the data storage
medium and the user computer is explained in
detail.

(1) The user computer takes the medium number
12 from the data storage medium 111, and sends
it to the personal key generating circuit 311 to
generate the encrypted medium key (see, step
S23 of Fig. 9).

(2) The decrypting circuit 321 receives the permission
information 13 from the data storage medium
111, and encrypts it based on the medium
key from the generating circuit 311. As a result,
the data decrypting key 352 (corresponding to
the software decrypting key 35) is obtained by
the decrypting circuit 321.

(3) The decrypting circuit 341 receives the encrypted
data 15 from the data storage medium
111, and decrypts it based on the data decrypting
key 351 to generate the unencrypted data, then
the unencrypted data is stored in the main storage 63.
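The three steps above, together with the vendor side they mirror and the copied-medium case, as an added Python sketch (not code from the patent). The page names no algorithms, so the HMAC-SHA256 key derivation, the encrypt-then-MAC stand-in cipher, `UNIT_SECRET`, the dictionary layout and all function names are assumptions; the integrity tag is added so that a mismatched medium number fails explicitly instead of silently yielding a wrong key.

```python
import hashlib
import hmac
import secrets

# Constructed secret shared by key generating units 21 and 31 (assumption).
UNIT_SECRET = b"constructed-secret-for-illustration"

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def medium_key(medium_number: bytes) -> bytes:
    """Units 21/31: derive the medium key from the medium number 12."""
    return _prf(UNIT_SECRET, b"medium-key|" + medium_number)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = _prf(key, nonce + (i // 32).to_bytes(8, "big"))
        out.extend(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under separate subkeys: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag, then decrypt; ValueError means wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong medium key or modified data")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def vendor_write(medium_number: bytes, software: bytes) -> dict:
    """Vendor side: encrypt the data, wrap key 22 under the medium key."""
    data_key = secrets.token_bytes(32)
    return {"number": medium_number,
            "permission": seal(medium_key(medium_number), data_key),
            "data": seal(data_key, software)}

def user_read(disk: dict) -> bytes:
    """User side, steps (1)-(3): derive medium key, unwrap key, decrypt data."""
    data_key = unseal(medium_key(disk["number"]), disk["permission"])
    return unseal(data_key, disk["data"])

def copy_to_other_medium(disk: dict, other_number: bytes) -> dict:
    """Copy permission information and data onto a medium with another number."""
    return {**disk, "number": other_number}
```

The scheme rests entirely on the medium number being un-rewritable and on the secret inside the key generating unit staying protected; anyone holding `UNIT_SECRET` can derive the medium key for any medium.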

Figure 12 is an explanatory view of a ROM/RAM
mixed type optical magnetic disk. The ROM/RAM
mixed type optical magnetic disk has an un-rewritable
area for storing the medium number 12, and has a
readable/writable area for the permission information
13, and a read only area/write only area for the
encrypted software 15. In the present invention, the
medium number is given to the optical magnetic disk to
write the medium number into the un-rewritable area.

Figure 13 is an explanatory view of the permis- 
sion information stored in another storage medium. In 
this case, the software storage medium previously 
stores the medium number and the encrypted soft- 
ware. The permission information is stored into an- 
other storage medium. This means that the medium 
number and the encrypted software (or, encrypted 
[...] CD-ROM previously written onto, for example, the [...]
information is previously written onto a floppy disk.

Figure 14 is an explanatory view of multiple of
software written onto one storage medium, for example,
an optical disk and a CD-ROM. At the vendor, the
encrypting circuit encrypts a plurality of software
decrypting keys 1 to N based on the personal key to
generate a plurality of permission information 1 to N each
corresponding to each software decrypting key 1 to N.
The permission information 1 [...] is stored
on the software storage medium.

When the user requests a desired software name
from the encrypted softwares 1 to N and informs it to
the vendor, the vendor encrypts the software
decrypting key [...] to the software
by the medium key generated by the medium
number, and stores encrypted software onto the
software storage medium 11. The user mounts this
software storage medium into the computer, and the user
computer decrypts the encrypted software to generate
the plain text software.

[...] a user to use software for which he
has no permission number, he cannot use such software
because the encrypted software cannot be decrypted.
Further, even if the user copies the permission
information from another software storage medium 11,
the medium number in the software storage
medium cannot be copied, so that it is impossible to
decrypt the software correctly. Accordingly, it is
possible to individually sell the software.

[...] according to the present invention,
the medium number 12 is stored on the storage
medium 1 which stores the encrypted electronic data
in un-rewritable form, and permission to use
the electronic data is given by the medium key 12.
Accordingly, it is possible to use only the encrypted
electronic data stored in correct medium 1 as allowed
by the vendor so that it is possible to prevent illegal
copying by a third party. Further, it is possible to
transfer the electronic data stored in the storage
medium [...] it is possible to use the same storage
medium in another computer. Still further, it is
possible to store a plurality of electronic data in one
medium. Still further, it is possible to individually sell
the storage medium.

Claims

1. An electronic data protection system for protecting
electronic data from illegal copying by a third
party, comprising:

a storage medium (1) for storing encrypted
electronic data (14), a medium number (12) and
encrypted permission information (13);

a vendor computer having a personal key
generating means (21) for generating a medium
key based on the medium number (12), an electronic
data decrypting key (22), and an encrypting
means (23) for encrypting the electronic data
decrypting key (22) based on the medium key to
generate the encrypted permission information;

a user computer having a personal key
generating means (31) for generating a medium
key based on the medium number (12), a decrypting
means (32) for decrypting the encrypted
permission information (13) based on the medium
key to generate the electronic data decrypting
key (33) which is the same as the electronic
data decrypting key (22) of the vendor computer,
and a decrypting means (34) for decrypting the
encrypted electronic data (14) based on the
electronic data decrypting key (33) to generate a plain
text electronic data.

2. An electronic data protection system as claimed
in claim 1, wherein the electronic data is software
used for a computer.

3. An electronic data protection system as claimed
in claim 1, wherein the electronic data is
electronically published data.

4. An electronic data protection system as claimed
in claim 1, wherein the storage medium (1) stores
[...] encrypted electronic data has a different
electronic data decrypting key; the vendor computer
[...] electronic [...] key [...] encrypted
electronic data authorized by a vendor by
using the medium key, and stores the encrypted
electronic data key onto the storage medium (1)
as the encrypted permission information; and
the user computer decrypts the encrypted electronic
data corresponding to the encrypted permission
information.

5. An electronic data protection system as claimed
in claim 1, wherein the user computer writes the
medium number (12) onto the storage medium in
an un-rewritable form.

6. An electronic data protection system as claimed
in claim 4, wherein the user computer writes the
medium number (12) onto the storage medium in
an un-rewritable form.

7. An electronic data protection system as claimed
in claim 1, wherein the vendor computer stores
the encrypted permission information onto another
storage medium [...] and the different [...]




EP 0 561 685 A2



8. An electronic data protection system as claimed
in claim 1, wherein the vendor computer transfers
the encrypted permission information to the user
computer through a transmission line, and the
user computer decrypts the encrypted electronic
data from the storage medium based on the
encrypted permission information.



9. An electronic data protection system as claimed
in claim 1, wherein the vendor computer sends
the encrypted permission information to the user
in a document, and the user computer decrypts
the encrypted electronic data from the storage
medium based on the encrypted permission
information described in the document.

10. An electronic data protection system as claimed
in claim 1, wherein the storage medium is an
optical magnetic disk, or a partially embossed optical
disk.



11. An electronic data protection system as claimed
in claim 1, wherein the vendor computer further
comprises a software encrypting key management
table including software names and encrypting
keys each corresponding to each of the
software names.



12. An electronic data protection system as claimed
in claim 1, wherein the user computer further
comprises a software decrypting key management
table including software names and decrypting
keys each corresponding to each of the
software names.
Fig. 5B

Fig. 11B